The packages for Pidgin released as DSA 2038-2 had a regression, as theyunintentionally disabled the Silc, Simple, and Yahoo instant messagingprotocols. This update restore that functionality. For reference theoriginal advisory text below.

Several remote vulnerabilities have been discovered in Pidgin, a multiprotocol instant messaging client. The Common Vulnerabilities andExposures project identifies the following problems:

CVE-2010-0420

Crafted nicknames in the XMPP protocol can crash Pidgin remotely.

CVE-2010-0423

Remote contacts may send too many custom smilies, crashing Pidgin.

Since a few months, Microsoft's servers for MSN have changed the protocol,making Pidgin non-functional for use with MSN. It is not feasible to portthese changes to the version of Pidgin in Debian Lenny. This updateformalises that situation by disabling the protocol in the client. Usersof the MSN protocol are advised to use the version of Pidgin in therepositories of www.backports.org.

For the stable distribution (lenny), these problems have been fixed inversion 2.4.3-4lenny8.

For the unstable distribution (sid), these problems have been fixed inversion 2.6.6-1.

We recommend that you upgrade your pidgin package.

Upgrade instructions- --------------------

wget url will fetch the file for youdpkg -i file.deb will install the referenced file.

If you are using the apt-get package manager, use the line forsources.list as given below: